Amazon 'Important Message From Security Center' Phishing Scam

Outline
Email purporting to be from the Security Center at Amazon Web Services claims that recipients need to click a link to read an important message or risk having their Amazon account restricted.

Brief Analysis
The message is not from Amazon. It is a phishing scam designed to trick recipients into divulging their Amazon account login details and other personal and financial data to online criminals.

Example

Subject: Security Center - Amazon Web Services

Dear Amazon Account Holder,
You have an Important message from the
Amazon. Your Amazon account will be
restricted if you do not view and respond.
Click here to view message and update your
information's again on your account.

Best Regard
Amazon Shopping Service

Detailed Analysis

According to this email, which purports to be from the Security Center at Amazon Web Services, the recipient has an important message waiting online. The recipient is urged to click a link to read the message and update "information's" for the account. The message warns that the Amazon account will be restricted if the recipient does not respond.

However, the message is certainly not from anyone at Amazon. Instead, it is a phishing scam that attempts to fool recipients into handing over their personal and financial details to cybercriminals.

Those who comply and click the link as instructed will be taken to a fake website built to emulate a real Amazon page and asked to log in with their Amazon email address and password. They will then be asked to "update account details" by providing credit card data and other personal information.

The information on the fake login and account update forms will be sent to the criminals operating the scam. The criminals can then use this stolen information to hijack real Amazon accounts, conduct fraudulent credit card transactions and steal identities.

Amazon, like other high-profile online entities such as PayPal and eBay, is almost constantly targeted by phishing scammers. These companies will never send you an unsolicited, generic email that claims that you must click a link or open an attachment to log in and update account information. If you receive a suspect email, do not click on any links or open any attachments that it contains. It is always safest to access any and all of your online accounts by entering the account web address into your web browser's address bar rather than by clicking a link in an email.
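The warning signs described above (a generic greeting, a threat to restrict the account, and a link that does not lead to Amazon) can be checked mechanically. The following is an added example, not part of the original article: the sample HTML body is constructed from the email text above, its link host is a made-up placeholder, and the trusted-domain list and phrase lists are assumptions to adapt.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as genuinely Amazon; extend for regional sites.
TRUSTED_DOMAINS = ("amazon.com",)
GENERIC_GREETINGS = ("dear amazon account holder", "dear customer")
THREATS = ("will be restricted", "will be suspended")

# Constructed sample: the email text from this page with a placeholder link.
SAMPLE_EMAIL = """<p>Dear Amazon Account Holder,</p>
<p>You have an Important message from the Amazon. Your Amazon account will be
restricted if you do not view and respond.
<a href="http://amazon.com.account-update.example.invalid/signin">Click here</a>
to view message and update your information's again on your account.</p>"""


class LinkCollector(HTMLParser):
    """Collects every <a href> target and the visible text of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

    def handle_data(self, data):
        self.text.append(data)


def host_is_trusted(url):
    """True only if the URL's real host is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def phishing_indicators(html_body):
    """Return (indicator names, links whose host is not a trusted domain)."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = " ".join(" ".join(parser.text).split()).lower()  # collapse line wraps
    found = []
    if any(g in text for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    if any(t in text for t in THREATS):
        found.append("account threat")
    bad_links = [u for u in parser.links if not host_is_trusted(u)]
    if bad_links:
        found.append("link leaves amazon.com")
    return found, bad_links
```

The host comparison matches on the end of the hostname, so a link that merely contains "amazon.com" somewhere in its address is still reported.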